Employment law: employers urged not to snoop on staff following European Court of Human Rights ruling

Employers have been urged not to indulge in invasive surveillance by reading their employees’ private messages, following a European Court ruling last week in which judges ruled a Romanian man whose employer read his private family messages had not had his rights violated. The case in the European Court of Human Rights did not introduce any new employment law rules, but merely acted as a stress test for those that already allowed similar surveillance by employers in some circumstances.

A series of groups representing both directors and workers have spoken and warned employers not to abuse the ruling. The European Trade Union Confederation, which represents workers across the continent, said the judges’ decision should not act as a “green light… to start snooping” on staff.

Institute of Directors director general Simon Walker said:

“Employees should not be subject to Stasi-style surveillance at work. We would strongly urge businesses not to read an employee’s personal messages, apart from in the most exceptional circumstances.”

These sentiments were echoed by the privacy campaign group Big Brother Watch, which said:

“None of us should ever assume that what we do online during work hours or when using devices owned by our employer, such as computers, tablets or mobile phones, is private – but, equally, no employee should be in fear of being monitored by their boss.”

So what exactly did the European Court judgement say?

Well, the judges said Romania had not failed to uphold the right to a private life of its citizen Bogdan Barbulescu. Mr Barbulescu had said his rights had been violated and, having been unsuccessful in arguing as much in the domestic courts, asked the judges to rule that Romania had failed in its duty to him.

His employer had sacked him after finding he had been using a Yahoo Messenger account to speak to both his fiancée and his brother, despite having been asked to set up the account for work purposes only, the seven judges said. The company had also banned private use of the internet at work, and had therefore been justified in reading both the work and private correspondence on the account – even though some of it was highly sensitive.

Does the European Court’s ruling make it legal for employers to snoop on their employees’ communications?

No, it doesn’t, nor does the court’s decision introduce new measures. Reading the messages was already legal in Romania, as it is in other countries, including the UK. All the judgement actually said was that in its opinion the circumstances in which Mr Barbulescu’s messages had been read did not represent a breach of his right to a private life.

The court’s decision does not introduce new measures. What the judges did was decline to send a signal to courts across Europe that they considered surveillance under those circumstances unacceptable. If the judges had found the other way, the Romanian government would have been obliged to abide by their decision. Other jurisdictions, however, would not, because European Court of Human Rights decisions affect only the country named in the case.

The effect of European Court decisions on domestic courts is different. Each country adopts its own approach to the court’s decisions. In the UK judges are obliged to take decisions into account, not to follow them unquestioningly, as is sometimes claimed. Moreover, the court’s decision did not actually go further than existing UK laws, which already allows some reading of employees’ communications under certain circumstances.

In the UK, the amount of access employers have to employees’ communications is defined by a series of laws and regulations that balance when it is lawful against when it is proportionate and necessary. However, the exception to this rule is in the banking sector. The banking regulator, the Financial Conduct Authority, requires banking companies to “take reasonable steps to record relevant telephone conversations, and keep a copy of relevant electronic communications” on company equipment. FCA-regulated businesses must also take steps to stop staff sending work messages on their own equipment.